Health data and digital healthcare: MedTech Europe Recommendations

On June 16, 2021, the European trade association representing the medical technology industries named MedTech Europe (the “Association” or “MedTech”) published a document containing recommendations for maximizing benefits from use of health data collected via medical devices (“Unlocking the full benefits of health data,” the “Recommendations” or “Position Paper”).

For that purpose, the Association suggests using certain legal tools designed to help overcome the legal barriers that currently limit the use of such data and, therefore, keep health data processing from reaching its full potential. According to the Position Paper, clear rules need to be in place across Europe that allow companies that produce medical devices to collect, process, and share health data to develop items such as new—and increasingly personalized—patient treatment solutions.

The goal is to strike a balance between protecting personal data and encouraging scientific and business innovation by clarifying regulations connected to application of Regulation (EU) 2016/679 on personal data protection (“GDPR”) and developing the European Health Data Space (European Health Data Space – “EHDS”).

MedTech demonstrates that appropriate use of health data would pave the way for full development of a digital health system, which would deliver more efficient, safe, and innovative health care.

1. Medical devices using health data

Appropriate use of health data from medical devices offers benefits in multiple areas. For example, patients can be empowered by wearable devices that constantly inform them of their health status. This kind of access to health data allows a person with diabetes, just as an example, to monitor their glucose level, and educates them as to how their daily behavior impacts their condition. Access to health data can be informative on an individual level, and in the larger scheme of things it decreases the burden on the healthcare system, as medical staff need to intervene only in times of crisis.

Furthermore, the opportunity to monitor a patient by providing health data to healthcare providers makes it easier to manage certain complicated situations, such as that of a patient in post-surgery rehab or one with a potentially fatal disease. In these cases, having access to the data in real time allows emergency care to be provided swiftly, and there are other tangible benefits. As seen in the use of implantable cardiac devices, applying algorithms to data makes it possible to identify conditions that once went unnoticed and to create plans for personalized care, including preventive care.

This data could yield additional benefits to the general public. Basically, analyzing a large amount of health data, especially if it is combined with data from other (official) sources, opens up avenues to explore connections between illness, behavior, and the environment. Additionally, artificial intelligence technologies can be applied to identify clusters of patients with similar characteristics who could be given customized treatment. The Covid-19 pandemic has clearly demonstrated that large-scale datasets allow healthcare providers to recognize patterns within populations and determine appropriate treatment more efficiently.

These are just some examples of how digitizing and producing data can play a pivotal role in making healthcare services more efficient, faster, and more sustainable. The Position Paper notes that in order for this tremendous potential to be realized, regulations will need to be developed that, rather than putting up barriers and creating complications, foster innovation while keeping personal data confidential.

2. Health data and medical devices: Legal obstacles

In the Position Paper, MedTech addresses legal barriers that limit access and restrict medical device companies from sharing health data.

Specifically, the Association suggests that the following legal barriers that hinder the development of digital healthcare could be addressed under a European regulatory framework:

• inconsistent implementation and interpretation of the GDPR by Member States;

• medical device company issues with using health data for secondary purposes (i.e., further processing of data for other purposes). The Recommendations give an example of a company that provides services to healthcare workers and hospitals acting as data processor, but then does not use the personal data collected for further research purposes due to lingering doubts and uncertainty about whether it’s legal to use the data for secondary purposes and the limits on such processing; and

• need for clarification regarding interaction between the GDPR and the medical device Regulation (EU) 2017/745 (“MDR”) and the in vitro diagnostic medical device Regulation (EU) 2017/746 (“IVDR”).

Regarding interaction between the GDPR and the MDR and IVDR, MedTech points out that companies find it challenging to identify a legal basis pursuant to the GDPR for allowing health data to be processed. Indeed, the Association says it remains unclear whether the obligations that the MDR and the IVDR impose upon medical device companies (e.g., oversight and post-market surveillance and predictive data analytics obligations) allow Article 9, paragraph 2, letters i) and j) of the GDPR to be used as a legal basis for health data processing, meaning that it is done for reasons of public interest in the public health sector, and/or for purposes of scientific research or statistical aims. If said legal bases are applicable, medical device companies could process health data without obtaining patient consent.

That uncertainty poses an obstacle to the use of health data and makes it harder to draw all the potential benefits for both patients and scientific innovation.

3. MedTech Recommendations

MedTech is calling on the European Union to play a key role in coordinating among Member States for the purpose of consistent application of the GDPR and to banish any uncertainty regarding application of the GDPR. Steps should be taken to protect patient health data while also incentivizing research and innovation, including with regard to the law and safeguarding intellectual property.

Clear regulations and guidelines that govern the behavior of Member States in a consistent way are needed. MedTech is calling on European and national policymakers to work together and take urgent action on the following:

• set forth rules for proper processing of health data when delivering healthcare (primary use) and for research and innovation purposes (secondary use) in order to encourage development of new technologies based on existing data that currently are not being used;
• provide clarification regarding (i) the legal basis for use pursuant to the GDPR for processing health data, (ii) the difference between obtaining consent to participate in a clinical study and consent as a legal basis for data processing, and (iii) the interplay between the GDPR, MDR, and IVDR;
• provide guidelines for data anonymization and pseudonymization techniques;
• identify existing exceptions for public interest and preventive medicine, for example, with regard to research conducted by pharmaceutical and medical device companies;
• offer clarification regarding transfer of data within and outside of the EU, as those regulations are still murky and their interpretation subject to uncertainty.